Can we create a static Public to Private NAT Translation from a public address on [ASA 5540 B] to a host on [Layer 3 Core Switch with hosts A]?
Let's say the outside IP is 126.96.36.199, the inside interface is 172.20.20.1/24 and the MPLS host is 192.168.20.20.
The desired translation is:
static (inside,outside) 188.8.131.52 192.168.20.20 netmask 255.255.255.255 dns
We can ping the host in question from the inside interface of [ASA 5540 B].
Currently, I'd imagine this not working because ultimately one of the routers would see a request from 192.168.20.20 and continue routing it back to segment A, and it would never get back to segment B. There's a couple of ways around this, and all involve using a private IP on host B for the translation, but I don't want to create a bunch of NAT statements across our MPLS network.
Again, I don't think this can work, but I'm hoping again hope that there's a way.
Pretty sure this won't work, but... ASA 5540 static NAT public
The answer to your question is yes, you can NAT host A on ASA 5540 B.
However, how are you routing the traffic from host A. What is the default gateway for host A? If default gateway for host A is the MPLS Router A, and it routes towards MPLS Router B and so on towards Internet B, then yes, it would all work.
However, if default gateway of host A is ASA 5510A, then you might need to change the default gateway to MPLS Router A, and if MPLS Router A default route is somewhere else but MPLS Router B, then you might want to do some PBR for hostA so it is being routed towards ASA5540B.
Cisco Champion Radio · S7|E26 Simplify your Security with the new SecureX platform
Securing your organization is becoming increasingly complex. It may seem faster to tack on new point products to address the latest attack or protect yet another threat v...
Join us live on Tuesday, July 14 (and on demand after) to learn what impacts COVID-19 has had on the information security landscape from one of the people living that fight.
We'll take your questions live during the show and after, so post them belo...
TETRA Error Codes - Windows
Here are some common TETRA Error codes that you may find displayed in the dashboard as well as within the C:\Program Files\Cisco\AMP\<your_version>\sfc.exe.log or corresponding sfc.exe_<date>_<time>.logs. The...
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin...